b'September 29, 1998\n\n\nMICHAEL S. COUGHLIN\nDeputy Postmaster General\n\nNORMAN E. LORENTZ\nSenior Vice President, Chief Technology Officer\n\nSUBJECT: Year 2000 Initiative: Post Implementation Verification (IS-AR-98-003)\n\n\nThis report presents the results of our review of the USPS Year 2000 (Y2K) Initiative.\nThis report is the third in a series dealing with the Y2K initiative. During this review we\nnoted that the Post Implementation Verification process needed improvement.\nManagement agreed with our findings and recommendations. The corrective actions\ntaken or planned are responsive to the issues raised in our report.\n\nThe cooperation and courtesies provided by your staff during the audit were\nappreciated.\n\n\n\nKarla W. Corcoran\n\nAttachment\n\ncc: \tThomas J. Koerber\n     Kenneth C. Weaver\n     Richard D. Weirich\n     John R. Gunnels\n\x0c                       USPS YEAR 2000 INITIATIVE:\n                       Post Implementation Verification\n\n                                     CONTENTS\n\n\n                                                                          Page\n\nExecutive Summary                                                          1\n\n\nIntroduction                                                               3\n\nPost Implementation Verification                                           5\n\n    Post Implementation Verification (PIV) Effectiveness And Efficiency    6\n\n\nRecommendations                                                            8\n\nAppendix I PIV Code Sampling Plan                                          9\n\n\nAppendix II Management Comments                                            10 \n\n\n\n\n\n                                  Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification\t                                  IS-AR-98-003\n\n\n                                      EXECUTIVE SUMMARY \n\n\nResults in brief \t              The year 2000 (Y2K) problem results from the way in which computer\n                                systems store and process dates. In many systems, the year 2000 will\n                                be indistinguishable from 1900, thereby causing potential system\n                                failures.\n\n                                This is the third in a series of the Office of Inspector General (OIG)\n                                reports regarding the Y2K initiative. Our first report addressed the\n                                \xe2\x80\x9cAwareness\xe2\x80\x9d and \xe2\x80\x9cAssessment\xe2\x80\x9d phases of the USPS Y2K Initiative.\n                                The second provided a preliminary assessment of the \xe2\x80\x9cRenovation,\xe2\x80\x9d\n                                \xe2\x80\x9cValidation,\xe2\x80\x9d and \xe2\x80\x9cImplementation\xe2\x80\x9d phases. Additional information\n                                on prior audit coverage is provided on page 4. As part of our audit\n                                coverage of the USPS Y2K initiative, we were asked by the Y2K\n                                Project Manager to provide a review of the Post Implementation\n                                Verification (PIV) process for effectiveness and efficiency. This\n                                report addresses aspects of that process.\n\n                                Remediation of systems applications for Y2K compliance primarily\n                                rests with USPS business managers and project leaders. The\n                                application project leaders are responsible for certifying that all\n                                application code has been reviewed for date implications, remediated,\n                                tested, and documented accordingly. The Portfolio Manager certifies\n                                the application as Y2K compliant and sends the certification to the\n                                Project Management Office (PMO). The PMO then initiates the PIV\n                                process.\n\n                                The PIV process, instituted by the PMO, is an independent verification\n                                of the Y2K remediation1 process to ensure that USPS systems\n                                applications are Y2K compliant and will operate correctly in the year\n                                2000 and beyond. The PMO is responsible for the oversight of the\n                                contractors performing PIV.\n\n                                The tasks that constitute PIV were developed by the USPS PMO and\n                                contractor staff and are being carried out by contractor personnel\n                                experienced in code review and conversion. The PIV has increased\n                                Y2K accountability by requiring USPS managers to submit all of their\n                                severe and critical applications for verification. However, the PIV\n                                process could not provide reasonable assurance that all severe and\n                                critical applications (166) would be independently verified before the\n                                Year 2000. This conclusion is based upon the fact that (a) Portfolio\n                                managers have certified and submitted applications for PIV without\n                                complete documentation; (b) applications were not submitted in a\n                                timely manner; and (c) all source code that had been reviewed in\n                                remediation was being reviewed again in PIV. In addition, there\n1\n    A process whereby USPS systems applications are corrected in order to make them Y2K compliant.\n\n                                                         1\n                                              Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification\t                         IS-AR-98-003\n\n\n                             remains approximately 400 noncritical application systems that need\n                             to be remediated before their projected failure dates.\n\n                             The PMO originally hired only one contractor to perform PIV.\n                             However, recognizing the enormity of the PIV task, the PMO hired\n                             two additional contractors in June 1998. We believe there are\n                             additional procedures, such as selective statistical sampling of source\n                             code, that have not been considered that could further expedite the\n                             PIV process.\n\n                             Taking timely action to implement our recommendations would allow\n                             USPS PIV contractors to process severe and critical application\n                             systems more quickly and help USPS identify application systems\n                             problems before a serious date-related failure occurs. See Appendix I\n                             for a statistical sampling plan that may be used on this project.\n\nRecommendations \n The Vice President, Information Systems should direct\n                             Portfolio Managers to:\n\n                             1. \t Certify and submit applications within 30 days of being remediated\n                                  and tested.\n\n                             2. \t Ensure applications include all required documentation before\n                                  being certified.\n\n                             3. \t Direct contractors to (a) help USPS remediation teams develop\n                                  adequate Y2K test plans and remediation documentation and (b)\n                                  assist in the correction of applications sent back from PIV.\n\n                             The Vice President, Information Systems should also direct\n                             the PMO to:\n\n                             4. \t Reject application systems that are submitted without complete\n                                  Y2K test plans and documentation and formally notify the\n                                  responsible Vice President and Chief Information Officer (CIO)\n                                  that the application was rejected.\n\n                             5. \t Develop and implement a statistical sampling plan for reviewing\n                                  application code as soon as test plans and documentation become\n                                  more acceptable.\n\nManagement \t                 The Deputy Postmaster General concurred with all findings and\nComments                     recommendations included in this report and has planned or taken\n                             corrective actions to improve USPS\' efforts to meet the Year 2000\n                             challenge.\n\n\n                                                      2\n                                           Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification\t                        IS-AR-98-003\n\n\n\nEvaluation of \t              The corrective actions USPS management has planned in response to\nManagement                   our recommendations are appropriate and, when fully implemented,\n                             should respond adequately to the recommendations.\nComments \t\n\n                                         INTRODUCTION\n                             The Y2K problem results from the way dates are recorded and\n                             calculated in computer systems. In the past, to conserve electronic\n                             data storage, systems have typically used two digits to represent the\n                             year, such as \xe2\x80\x9c98\xe2\x80\x9d representing 1998. With this two-digit date format,\n                             however, the year 2000 is indistinguishable from 1900, 2001 from\n                             1901, and so on. As a result of this ambiguity, application systems\n                             that use dates to perform calculations may fail after 1999.\n\n                             The USPS manages over 600 application systems related to internal\n                             and external operations. The application systems provide for critical\n                             tasks and encompass a wide variety of platform designs, operating\n                             systems, and programming languages.\n\n                             The USPS conducts renovation, validation, testing, and certification of\n                             its systems applications to ensure Y2K compliance. The\n                             responsibility to ensure that application systems are Y2K compliant\n                             remains with the USPS business managers, system Project Leader,\n                             and Portfolio Manager. The PIV program is directed by the Y2K\n                             PMO, which has the responsibility for overall verification of systems\n                             applications. The PMO determined it was necessary to establish a\n                             review of systems applications, after remediation, to provide\n                             independent assurance that they were Y2K compliant. To accomplish\n                             this objective, the PMO appointed a PIV Coordinator and hired\n                             contractors to conduct PIV tests under the direction of the PMO.\n\nManagement                   The PMO has invested considerable effort in making the PIV process\nAccomplishments              successful. A few of the accomplishments include: developing\n                             standard USPS PIV procedures and processes; hiring three contractors\n                             to help perform PIV; and verifying Y2K compliance of 16 converted\n                             application systems. In addition, the PIV Coordinator is constantly\n                             revising the PIV procedures to meet the dynamics of the USPS\n                             systems environment.\n\nObjective, Scope, \t          Our overall objective was to determine whether the PIV process was\nand Methodology              effective and efficient. Specifically, we wanted to determine if the\n                             PIV process was timely and provided reasonable assurance that\n                             application systems that had been remediated were Y2K compliant.\n\n                             At the request of the PMO, we reviewed the PIV process used to\n\n                                                      3\n                                           Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification                        IS-AR-98-003\n\n\n                             independently verify Y2K compliance of USPS application systems.\n                             In accessing the PIV process, we looked at applications submitted for\n                             PIV during June and July 1998.\n\n                             We reviewed numerous documents, including USPS PIV procedures,\n                             system inventories, test plans, and schedules. We also analyzed\n                             internal tracking reports developed by the PMO to monitor the\n                             progress of Y2K activities.\n\n                             We also discussed USPS Y2K activities related to this report with\n                             officials in various headquarters offices, including the Y2K Project\n                             Manager and leaders, PIV Coordinator, and contracted PIV personnel.\n                             Our audit work was accomplished during the period June through\n                             August 1998. This review was conducted in accordance with\n                             generally accepted government auditing standards and included such\n                             tests of internal controls as we considered necessary under the\n                             circumstances.\n\nPrior Audit                  This is the third in a series of OIG reports regarding the Y2K\nCoverage                     initiative. Our first report was "Year 2000 Initiative" (IS-AR-98-001,\n                             March 31, 1998). During this review, we examined the awareness and\n                             assessment phases of the USPS Y2K initiative and made\n                             recommendations for improvement in several areas including\n                             assigning accountability to responsible managers. USPS Management\n                             concurred fully with our findings and recommendations.\n\n                             Our second report was "Year 2000: Status of the Renovation,\n                             Validation, and Implementation Phases" (IS-AR-98-002, July 21,\n                             1998). This report involved a preliminary assessment of the\n                             renovation, validation and implementation phases of the USPS Y2K\n                             initiative. It contained recommendations for improvement in several\n                             areas including accurately reporting the compliance status of\n                             application systems. USPS Management concurred fully with our\n                             findings and recommendations.\n\n                             No prior audits were conducted by the Inspection Service or the\n                             General Accounting Office regarding specific USPS Y2K initiatives.\n\n\n\n\n                                                     4\n                                          Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification                                   IS-AR-98-003\n\n\n                                Post Implementation Verification\nResults\nBackground                    The PIV process, instituted by the PMO, is an independent\n                              verification of the Y2K remediation2 process to ensure that USPS\n                              systems applications are Y2K compliant and will operate correctly in\n                              the year 2000 and beyond. The PMO is responsible for the oversight\n                              of the contractors performing PIV. A description of how the PIV\n                              process fits into USPS Y2K Initiative follows.\n\n                              Remediation of systems applications for Y2K compliance primarily\n                              rests with USPS business managers and project leaders. The\n                              application project leaders are responsible for certifying that all\n                              application code has been reviewed for date implications, remediated,\n                              tested, and documented accordingly. The Portfolio Manager certifies\n                              the application as Y2K compliant and places it into production. The\n                              certification is sent to the PMO who initiates the PIV process.\n\n                              The PMO PIV Coordinator selects the applications to send to the PIV\n                              contractor based on the application\xe2\x80\x99s criticality and estimated failure\n                              date. Next, the PIV testing group requests the USPS project leader to\n                              submit all application documentation, source code, test plans, and\n                              Y2K compliance testing documentation.3 The PIV group reviews\n                              testing documentation and utilizes an automated tool to identify lines\n                              of source code for date-related items to be reviewed. The PIV group\n                              then performs a 100 percent manual review of all code for any\n                              date-related items the automated tool may have missed. Finally, PIV\n                              personnel visit the office where the application is run and observe\n                              Y2K tests performed by the project leader.\n\n                              Table 1, Status of USPS Application Systems Undergoing PIV,\n                              provides the total number of USPS systems applications and the status\n                              of the systems in the various stages of the PIV process as of July 24,\n                              1998. The table indicates that only about 12.5 percent of severe and\n                              critical applications had been nominated for PIV as of this date. The\n                              timeliness of applications being nominated4 for PIV will be reviewed\n                              in more depth and addressed in a follow-up report.\n\n\n\n\n2\n  A process whereby USPS systems applications are corrected in order to make them Y2K compliant. \n\n3\n  The PIV process has been delayed by inaccurate or incomplete source code and documentation.\n\n4\n  The PIV coordinator nominates systems applications by choosing which applications to send to the PIV contractor \n\n  based on the application\'s criticality and estimated failure date.\n\n                                                        5\n                                             Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification                                     IS-AR-98-003\n\n\n\n\n                  Status of USPS Application Systems Undergoing PIV\n                                              as of July 24, 1998\n\n     Application           Application          Nominated For           In PIV Process         Verified By PIV\n    Classification5         Systems                 PIV                                         As Compliant\n     Severe and               166                    21                         14                    5\n       Critical\n     Applications\n     Non-Critical               464                     44                      35                    11\n     Applications\n    Total Systems               630                     65                      49                    16\n\nPIV Effectiveness              The PIV process provided reasonable assurance that applications\nand Efficiency                 completing PIV were Y2K compliant. For example, during the pilot\n                               PIV process, the PIV team found that 9 of 15 systems reviewed were\n                               non-compliant. Since the formal PIV started in February 1998, all\n                               applications reviewed have been verified compliant.\n\n                               However, in our view, the PIV process was not as efficient as it could\n                               have been and changes need to be made quickly. For example, the\n                               PIV team was only verifying an average of four applications per\n                               month during the period January through July 1998. In addition to the\n                               full code review, applications were submitted without documentation\n                               or test plan descriptions. Furthermore, project leaders and portfolio\n                               managers have been reluctant to send their applications to PIV, stating\n                               the PIV process is too time-consuming. The challenges facing the PIV\n                               process are discussed below.\n\nIncomplete \n                   Portfolio managers certified and submitted applications to PIV without\nSubmissions \n                  complete documentation. For example, USPS PIV procedures require\n                               the submission of test plans at the time the application is submitted for\n                               PIV. However, PIV team personnel stated that they had not received\n                               complete test plans with any application submitted for PIV to date.\n                               Test plans are necessary to focus on the remediated parts of an\n                               application and also help determine where to focus source code\n                               reviews. The PIV team has been informally helping project leaders\n                               and Portfolio Managers develop test plans in order to complete PIV.\n                               Helping develop test plans diverts assigned PIV resources and slows\n                               down the PIV process.\n\n\n\n\n5\n All severe and critical application systems are required to go through the PIV process whereas the\nnon-critical systems are \xe2\x80\x9csubject\xe2\x80\x9d to PIV at the discretion of the PMO.\n\n                                                        6\n                                             Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification                                   IS-AR-98-003\n\n\n\n\nApplications Not \n Applications were not submitted for PIV as soon as they were\nSubmitted Timely \n remediated and certified. For example, prior to July 1998, all the\n                                Information Business System Support Centers (IBSSC) combined only\n                                submitted 10 of their 330 applications for PIV. The Minneapolis\n                                IBSSC did not submit any of its 120 applications. Planning for the use\n                                of PIV resources is more difficult when applications are not submitted\n                                in a timely manner or are held and submitted in large groups.\n\n100 Percent Code                At the time of our audit, the PIV team was reviewing 100 percent of\nReview                          the source code for all applications received. According to the PMO,\n                                it was not its original intention to do complete code reviews. This\n                                practice evolved as a means of coping with the applications submitted\n                                during the pilot PIV. The applications lacked documentation and\n                                contained a great deal of unremediated code. By contrast, the PIV\n                                team indicated that when the formal PIV process started, they found\n                                that most code had been remediated. However, documentation and\n                                test plans were still missing, thus necessitating continuation of the 100\n                                percent code review. According to the PIV team, the average team\n                                member spends about 5 hours to review 1,000 lines of code. The\n                                USPS has 166 severe and critical application systems that contain as\n                                much as 100 million lines of code6. Under the current PIV process,\n                                the only way the severe and critical code could be reviewed before the\n                                year 2000 would be if at least 33 individuals reviewed code every\n                                minute of every day, including weekends, until December 31, 1999.\n\n                                PMO personnel stated that the PIV process was designed to serve as a\n                                quality assurance (QA) review to help ensure the proper remediation\n                                of applications. A sound method of quality assurance starts with\n                                establishment of objectives and standards. In this case the objective is\n                                for USPS application systems to be Y2K compliant. Management has\n                                defined what it means for an application to be Y2K compliant. The\n                                next step of QA involves developing and implementing procedures to\n                                provide management with reasonable assurance that objectives and\n                                standards were met (is the application Y2K compliant?). Reasonable\n                                assurance does not imply absolute assurance and should be achieved\n                                by expending the least amount of resources. A QA function, by\n                                definition, involves an agreed upon, limited review or sampling of\n                                items or, in this case, lines of code, to spot check the quality of results\n                                involved to make an application Y2K compliant. Current procedures\n                                entail expending nearly as much effort as the remediation process\n                                itself. This is an inefficient use of staff, time-consuming, costly, and\n                                provides no guarantees that all unremediated code will be identified.\n\n\n6\n    The 100 million lines of code was based on the Rough Order Of Magnitude Study dated June 1998.\n\n                                                         7\n                                              Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification\t                         IS-AR-98-003\n\n\n                             We commend the PIV coordinator and contractor for establishing a\n                             high assurance level for reviewing remediated code. However, the\n                             current PIV process is so time-consuming that all severe and critical\n                             applications may not be verified before the Year 2000. Therefore, we\n                             believe a more efficient PIV approach involving the use of a well-\n                             designed statistical sampling plan could be followed with little loss to\n                             the current assurance level. See Appendix I for a statistical sampling\n                             plan that may be used on this project.\n\nRecommendations\t The Vice President, Information Systems should direct\n                             Portfolio Managers to:\n\n                             1. \t Certify and submit applications within 30 days of being\n                                  remediated and tested.\n\n                             2. \t Ensure applications include all required documentation before\n                                  being certified.\n\n                             3. \t Direct contractors to (a) help USPS remediation teams develop\n                                  adequate Y2K test plans and remediation documentation and (b)\n                                  assist in the correction of applications sent back from PIV.\n\n                             The Vice President, Information Systems should also direct\n                             the PMO to:\n\n                             4. \t Reject application systems that are submitted without complete\n                                  Y2K test plans and documentation and formally notify the\n                                  responsible Vice President and CIO that the application was\n                                  rejected.\n\n                             5. \t   Develop and implement a statistical sampling plan for reviewing\n                                    application code as soon as test plans and documentation become\n                                    more acceptable.\n\n\n\n\n                                                      8\n                                           Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification                       IS-AR-98-003\n\n\n                                    PIV Code Sampling Plan\n                                          Example\nThis statistical sampling plan described below was designed for us by an experienced statistician\nand is an example that management could apply to help expedite the PIV process. If\nimplemented, this sampling plan would replace the PIV 100 percent code inspection practice.\nNeither of these processes, i.e., 100 percent code inspection nor the sampling technique, will\nguarantee that all applications reviewed are completely Y2K compliant, but the statistical\napproach would reduce the amount of time necessary to complete an application review.\n\nPIV team members told us that the number of errors found while reviewing code was low.\nTherefore, this sampling plan uses a low error rate (.04). An error is defined as an unremediated\nor incorrectly remediated date-dependent item that may cause the application to fail in the year\n2000 or beyond. Table 1, PIV Statistical Sampling Parameters, shows by category of system the\ntarget parameters at 95 percent or higher confidence level with a plus/minus 1 percent precision,\nand the estimated maximum sample size.\n\nTo apply this plan, one would follow the existing procedures to the point of identifying\ndate-related items using the automated tool. Next, PIV team members would calculate the\nnumber of date-related lines of code identified by the tool and the number of lines not\ndate-related, i.e., the remainder. Using the table below, the PIV team would separately sample\nboth universes of code. They would examine only those lines of code that appeared in each\nsample, starting with the date-related sample first. If an error is found, the application system\ncontaining the error should be returned to its project leader for additional rework. This plan\nassumes that a 100 percent code inspection will be performed for those systems containing 2,500\nlines or less. During code reviews of non-critical applications, the PIV team would only review\nthe date-related sample.\n\n                            Table 1: PIV Statistical Sampling Parameters\n\nCategory of System Confidence Level       Precision                Maximum Sample Size*\n============== ============== =========                            ====================\nSevere              99 percent            .01                      2,500 lines of code\nCritical            99 percent            .01                      2,500 lines of code\nNon-Critical        95 percent            .01                      1,500 lines of code\n* Maximum sample size assumes a 4 percent error rate.\n\nCalculate the sample size using the following formula: n=(z/b)2 times (pq)\n\nThe terms of the formula are defined as follows: n = sample size\nz = confidence coefficient for desired confidence level (z = 2.58 for 99 percent confidence) and\n(z = 1.96 for 95 percent confidence).\nb = precision desired\np = error rate expected\nq = 1 minus the error rate = rate of non-error\n\n\n                                                     9                        APPENDIX I\n                                          Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification            IS-AR-98-003\n\n\n                                MANAGEMENT COMMENTS\n\n\n\n\n                                                   10                    APPENDIX II\n                                          Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification            IS-AR-98-003\n\n\n\n\n                                                   11                    APPENDIX II\n                                          Restricted Information\n\x0cYear 2000 Initiative \xe2\x80\x93 Post Implementation Verification            IS-AR-98-003\n\n\n\n\n        Major Contributors to this report were:\n\n\n\n\n                                                   12                    APPENDIX II\n                                          Restricted Information\n\x0c'